Solving for fraud, biometrics are the future of mortgage

Knowledge Based Authentication has a fatal flaw: humans

Better, faster, cheaper has long been the promise of technology in the mortgage industry. Some may argue whether today’s technology is that much better than the tools we used in the past, particularly in the servicing business where many still use platforms designed and first built decades ago. Likewise, others will argue over whether today’s tools are cheaper, given the high cost of loan origination.

No one argues about today’s technology being faster.

We can convert website browsers to prospective borrowers in seconds, with complete loan applications completed online in mere minutes. Underwriting has been a sub-minute-long process for years now. Electronic data gathering and automated verification services have made mortgage processing significantly faster. We can close loans today, if we choose to, faster than ever before. Some even now are closing purchase money loans in as few as 10 days.

Technology has empowered our industry to move quickly, and that is the biggest risk we face today.

Tripping over our own technology

Necessity is the mother of invention, we have been told. What sounds like a cliche is a truth that we see in the world all around us. We saw it last March when an obscure virus suddenly became a global pandemic. COVID did more for mortgage technology than 10 years of constant sales efforts taken by the top 100 industry technology companies.

Overnight, tools that lenders had purchased and then left to gather dust on the shelf for years suddenly became mission-critical. The rush to digital was no longer just wishful thinking. It was the only way to keep the industry moving in a world infected by the coronavirus.

In response, Remote Online Notarization, something that had been technically legal on a federal level since the turn of the century and for which technology already existed, became the hot issue of the day. Artificial intelligence, robotic process automation and machine learning were shoved out of the way as states rushed to pass laws enabling RON.

Available in only a few states when news of COVID broke, within 30 days states all across the nation were in emergency sessions doing whatever was necessary to keep the real estate and home finance industries operating in their states.

It wasn’t until weeks later that the National Notary Association began asking how its members would actually identify signers for remote online notarizations.

No one slowed down to consider the question carefully. After all, we already had an existing technology to fall back on. And fall is exactly what we did.

An outdated tool posing risk for the mortgage industry

Knowledge Based Authentication, or KBA, is a method of authenticating a person’s identity by determining whether they know things that only the actual person would know. Proponents say that the method is becoming more sophisticated as the technology finds ways to know things that the person being authenticated should know.

If these tools were actually interfacing with technology systems that had those data elements stored safely on disc and easily retrievable with a built-in search function, this might be the only form of authentication we would ever need. As it is, these tools interrogate humans to make their decisions.

This is problematic because humans don’t remember things very well, are easily confused by questions that aren’t specific (or are too specific) and are easily frustrated by systems that seem to know intimate information about their lives that they may not have known was available to the public.

A financial services company I recently contacted used KBA to authenticate me as a client by asking, “What Bank had your Auto loan that had a $344.00 payment amount in 2017?” I had two car loans with different banks during those years.

I had a 50/50 chance of getting the answer right. The wrong answer I supplied locked me out of my account for 24 hours.

It was annoying, but if I had been trying to close a real estate transaction and a mortgage loan, it would have delayed the closing and caused all manner of problems for me, the other party to the transaction, the real estate agent, the closing company and the lender.

Business referral relationships, loan rate locks, moving company data and customer satisfaction are all sacrificed in the name of speed by using technology that is not fit for the purpose.

KBA is not the tool the industry needs to move forward into the digital age. Delays and higher costs are two reasons. There is another that is more sinister.

Opening the door wide for fraud with KBA

As COVID moves closer to the exit, technologies that have been put on hold during the pandemic are starting to get more attention. AI, blockchain and borrower-facing portals that finally make consumers feel like they have some control are getting attention again. But that won’t last.

Mortgage fraud and identity verification needs are increasing such that new solutions that truly solve those problems will soon have top billing. The primary reason for this is that KBA can be hacked.

It should be obvious to any user of this technology that if they can find out financial facts about an individual then someone else can do the same thing. Which is exactly what is happening. To get this information, fraudsters aren’t hacking into computer systems. They are going after the humans themselves.

Social engineering involves exploiting human psychology to get information from people. It has been practiced for years, perhaps hundreds of years, but never as easily as in the age of online social networks.

We’ve all seen the clever Facebook posts that promise to give you an Elf name if you just provide your birth date, or tell you which of the characters on Friends most resembles you if you’ll only provide another bit of personal identification. In a short period of time, they can have enough information to begin buying the rest of your data from online brokers.

The deeper the industry gets into digital lending, electronic loan closings and digital mortgage servicing, the more fraudsters will take until we find a suitable technology to authenticate our borrowers online. Fortunately, such technologies exist today.

The rise of biometrics

Mission Impossible aside, there are aspects of each person that simply cannot be duplicated, at least not well enough to fool today’s modern authentication technologies. Facial recognition technology, for instance, has now advanced to the point that not only can the system determine whether the face on the screen belongs to the person who must electronically sign the document, but it can actually tell if the image on the screen is alive or a photograph.

This is an order of magnitude more effective than the best KBA process currently available. In fact, trying to stay ahead of fraudsters using public information will never work. Frankly, it’s a wonder it was ever adopted in the first place.

With modern biometric technology, anyone with a smartphone, tablet or desktop computer can look into a webcam and a lender on the other side of the country can know in an instant whether the person on screen is the actual person they intend to do business with.

This changes everything and makes it possible for the industry to move as quickly as we want without the fear of falling. Anything less will trip us up, cost us more money and alienate everyone we hope to partner with or serve.

This column does not necessarily reflect the opinion of HousingWire’s editorial department and its owners.

To contact the author of this story:
John Levonick at [email protected]

To contact the editor responsible for this story:
Sarah Wheeler at [email protected]

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Popular Articles

3d rendering of a row of luxury townhouses along a street

Log In

Forgot Password?

Don't have an account? Please